| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4Bzbig9DmCEJd0i64gA=jzczK7n=joqiD0MAa6sFSgd=WAw@mail.gmail.com>
Date: Mon, 6 Feb 2023 11:58:51 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: menglong8.dong@...il.com
Cc: alan.maguire@...cle.com, ast@...nel.org, daniel@...earbox.net,
andrii@...nel.org, martin.lau@...ux.dev, song@...nel.org,
yhs@...com, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...gle.com, haoluo@...gle.com, jolsa@...nel.org,
bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
Menglong Dong <imagedong@...cent.com>
Subject: Re: [PATCH bpf-next 1/2] libbpf: add support to set kprobe/uprobe
attach mode
On Thu, Feb 2, 2023 at 7:18 PM <menglong8.dong@...il.com> wrote:
>
> From: Menglong Dong <imagedong@...cent.com>
>
> By default, libbpf will attach the kprobe/uprobe eBPF program in the
> latest mode that supported by kernel. In this patch, we add the support
> to let users manually attach kprobe/uprobe in legacy or perf mode.
>
> There are 3 mode that supported by the kernel to attach kprobe/uprobe:
>
> LEGACY: create perf event in legacy way and don't use bpf_link
> PERF: create perf event with perf_event_open() and don't use bpf_link
> LINK: create perf event with perf_event_open() and use bpf_link
>
> Users now can manually choose the mode with
> bpf_program__attach_uprobe_opts()/bpf_program__attach_kprobe_opts().
>
> Link: https://lore.kernel.org/bpf/20230113093427.1666466-1-imagedong@tencent.com/
> Signed-off-by: Menglong Dong <imagedong@...cent.com>
> ---
> tools/lib/bpf/libbpf.c | 26 +++++++++++++++++++++++++-
> tools/lib/bpf/libbpf.h | 19 ++++++++++++++++---
> 2 files changed, 41 insertions(+), 4 deletions(-)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index eed5cec6f510..0d20bf1ee301 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -9784,7 +9784,7 @@ struct bpf_link *bpf_program__attach_perf_event_opts(const struct bpf_program *p
> link->link.dealloc = &bpf_link_perf_dealloc;
> link->perf_event_fd = pfd;
>
> - if (kernel_supports(prog->obj, FEAT_PERF_LINK)) {
> + if (kernel_supports(prog->obj, FEAT_PERF_LINK) && !opts->no_link) {
> DECLARE_LIBBPF_OPTS(bpf_link_create_opts, link_opts,
> .perf_event.bpf_cookie = OPTS_GET(opts, bpf_cookie, 0));
>
> @@ -10148,16 +10148,28 @@ bpf_program__attach_kprobe_opts(const struct bpf_program *prog,
> struct bpf_link *link;
> size_t offset;
> bool retprobe, legacy;
> + enum probe_mode mode;
> int pfd, err;
>
> if (!OPTS_VALID(opts, bpf_kprobe_opts))
> return libbpf_err_ptr(-EINVAL);
>
> + mode = OPTS_GET(opts, mode, PROBE_MODE_DEFAULT);
> retprobe = OPTS_GET(opts, retprobe, false);
> offset = OPTS_GET(opts, offset, 0);
> pe_opts.bpf_cookie = OPTS_GET(opts, bpf_cookie, 0);
>
> legacy = determine_kprobe_perf_type() < 0;
> + switch (mode) {
> + case PROBE_MODE_LEGACY:
> + legacy = true;
> + case PROBE_MODE_PERF:
> + pe_opts.no_link = true;
> + break;
> + default:
> + break;
> + }
> +
> if (!legacy) {
> pfd = perf_event_open_probe(false /* uprobe */, retprobe,
> func_name, offset,
> @@ -10817,10 +10829,12 @@ bpf_program__attach_uprobe_opts(const struct bpf_program *prog, pid_t pid,
> int pfd, err;
> bool retprobe, legacy;
> const char *func_name;
> + enum probe_mode mode;
>
> if (!OPTS_VALID(opts, bpf_uprobe_opts))
> return libbpf_err_ptr(-EINVAL);
>
> + mode = OPTS_GET(opts, mode, PROBE_MODE_DEFAULT);
> retprobe = OPTS_GET(opts, retprobe, false);
> ref_ctr_off = OPTS_GET(opts, ref_ctr_offset, 0);
> pe_opts.bpf_cookie = OPTS_GET(opts, bpf_cookie, 0);
> @@ -10849,6 +10863,16 @@ bpf_program__attach_uprobe_opts(const struct bpf_program *prog, pid_t pid,
> }
>
> legacy = determine_uprobe_perf_type() < 0;
> + switch (mode) {
> + case PROBE_MODE_LEGACY:
> + legacy = true;
> + case PROBE_MODE_PERF:
> + pe_opts.no_link = true;
> + break;
> + default:
> + break;
> + }
> +
I think this is a good place to also return errors early if, say, user
requested LINK mode, but that mode is not supported by kernel. Instead
of returning some -ENOTSUP generic error, we can error out early?
Similar for PERF mode, if only legacy is supported, and so on. Similar
for attach_uprobe, of course.
> if (!legacy) {
> pfd = perf_event_open_probe(true /* uprobe */, retprobe, binary_path,
> func_offset, pid, ref_ctr_off);
> diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
> index 8777ff21ea1d..7fb474e036a3 100644
> --- a/tools/lib/bpf/libbpf.h
> +++ b/tools/lib/bpf/libbpf.h
> @@ -451,8 +451,10 @@ struct bpf_perf_event_opts {
> size_t sz;
> /* custom user-provided value fetchable through bpf_get_attach_cookie() */
> __u64 bpf_cookie;
> + /* don't use bpf_link when attach eBPF pprogram */
typo: pprogram
> + bool no_link;
I've been struggling with this "no_link" name a bit. It is quite
confusing considering that from libbpf's API side we do return `struct
bpf_link`. So I'm thinking that maybe "force_ioctl_attach" would be a
better way to describe it (and will be scary enough for people not
knowing what this is about to not set it to true?)
Also, we'll need size_t: 0 at the end to avoid uninitialized padding
issues (like we have in kprobe_opts and uprobe_opts)
> };
> -#define bpf_perf_event_opts__last_field bpf_cookie
> +#define bpf_perf_event_opts__last_field no_link
>
> LIBBPF_API struct bpf_link *
> bpf_program__attach_perf_event(const struct bpf_program *prog, int pfd);
> @@ -461,6 +463,13 @@ LIBBPF_API struct bpf_link *
> bpf_program__attach_perf_event_opts(const struct bpf_program *prog, int pfd,
> const struct bpf_perf_event_opts *opts);
>
> +enum probe_mode {
shall we call it probe_attach_mode?
also let's elaborate a bit more in doc comment that specifying mode
will force libbpf to use that, but if kernel doesn't support it --
then we'll error out.
> + PROBE_MODE_DEFAULT = 0, /* latest supported by kernel */
> + PROBE_MODE_LEGACY,
> + PROBE_MODE_PERF,
> + PROBE_MODE_LINK,
> +};
> +
> struct bpf_kprobe_opts {
> /* size of this struct, for forward/backward compatiblity */
> size_t sz;
> @@ -470,9 +479,11 @@ struct bpf_kprobe_opts {
> size_t offset;
> /* kprobe is return probe */
> bool retprobe;
> + /* kprobe attach mode */
> + enum probe_mode mode;
nit: mode -> attach_mode?
> size_t :0;
> };
> -#define bpf_kprobe_opts__last_field retprobe
> +#define bpf_kprobe_opts__last_field mode
>
> LIBBPF_API struct bpf_link *
> bpf_program__attach_kprobe(const struct bpf_program *prog, bool retprobe,
> @@ -570,9 +581,11 @@ struct bpf_uprobe_opts {
> * binary_path.
> */
> const char *func_name;
> + /* uprobe attach mode */
> + enum probe_mode mode;
> size_t :0;
> };
> -#define bpf_uprobe_opts__last_field func_name
> +#define bpf_uprobe_opts__last_field mode
ditto
>
> /**
> * @brief **bpf_program__attach_uprobe()** attaches a BPF program
> --
> 2.39.0
>
Powered by blists - more mailing lists